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EXAMINER'S ANSWER 



This is in response to the appeal brief filed April 10, 2006 appealing from the Office action 
mailed November 11, 2005. 
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Art Unit: 2136 

(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 



6,401,125 



MAKARIOS ET AL 



6-2002 



6,003,084 



GREEN ET AL 



12-1999 



US 2002/0007317 



CALLAGHAN ET AL 



1-2002 



5,805,803 



BIRRELL ET AL 



9-1998 
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6,728,884 LIM 4-2004 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 
Claims 1-3, 7-8, 9-17, and 20-28 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent 6,401,125 to Makarios et al in view of US Patent 6,003,084 to Green et al. 

As per claim 1, Makarios et al substantially teaches a method for brokering state 
information exchanged between computers using at least one protocol above a transport layer, 
the method comprising the steps of: receiving at a proxy a request from a client requesting a 
resource of an origin server wherein the transparent proxy is unknown to the client (see column 
4, lines 37 and column 4, lines 53-56) as interpreted by the Examiner, the proxy disclosed by 
Makarios et al meets the recitation of transparent proxy because the proxy is unknown to the 
cUent when the client sends the first request, the client sends the URL directly to a web server for 
HTTP objects (resource). Makarios et al discloses redirecting the client request from the 
transparent proxy to a signup web page that meets the recitation of policy module (column 4, 
lines 51-53 and column 5, lines 10-15); obtaining at the transparent proxy policy enforcement 
data wherein the policy enforcement data is received from the policy module (column 5, lines 15- 
27 and column 3, lines 1-10); a proxy cookie is generated in response to login information of the 
user and transmitting to the user to use as an authentication for further interactions with the 
proxy that meets the recitation of generating at the proxy a policy state token in response to the 
policy enforcement data (column 5, lines 10-24); and transmitting the policy state token from the 
transparent proxy to the client wherein the policy state token is used as an authentication of the 
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client to the transparent proxy for subsequent interactions between the client and the transparent 
proxy (see column 5, lines 30-51). Although Makarios et al discloses the claimed method steps 
of claim 1, Makarios et al does not provide enough details on the architecture implemented in 
the invention regarding the policy module; it is interpreted by the Examiner that the policy 
module is a program running on the web proxy server, for example, the signup web page is part 
of the system (see column 5, lines 10-17 and column 2, lines 15-35). Green et al in an 
analogous art teaches a memory configured at least in part by a transparent proxy process, a 
processor for running the transparent proxy process, (see figure 1) at least one link for networked 
communication between the transparent proxy process, on the one hand, and a client computer 
and an origin server, on the other hand, for example (see figures 2 and 3); Green et al further 
teaches a secure transparent proxy that is transparent to both a client and a server (column 9, 
lines 5-12) and transmitting packets in accordance with a defined security policy (column 5, lines 
25-30) having a security module to verify whether to grant or deny access to proxy services 
(column 7, line 48 through column 8, line 25 and column 9, line 12-67). Green et al discloses a 
transparent proxy comprising a connection manager and a security manager that meets the 
recitation of policy module residing within the same environment with the transparent proxy (see 
figure 3b and column 5, lines 34-40). In one embodiment, the proxy comprises a connection 
manager and a security manager that meets the recitation of policy module residing within the 
same environment with the transparent proxy (see figure 3b and column 5, lines 34-40), the 
proxy incorporates features of both application gateways and proxies to better serve client or the 
server depending on which side caused the firewall action to be triggered; and further discloses 
several advantages of the invention associated with the transparent proxy (column 5, lines 55 
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through column 6, line 20). Green et al discloses wherein policy enforcement data is received 
from the policy module because as the client transfers data request to the proxy, requesting 
information from a server, the proxy comprises modules and components wherein a connection 
manager operates with a security monitor which monitors the data from the client for 
conformance with predefined conditions and provides control information to the connection 
manager of the proxy which in turns controls the relay and directs it whether to establish 
connections to the server (see column 8, lines 14-25). In another embodiment, the proxy uses a 
fiher component that also meets the recitation of policy module, and the filter component 
processes the policy enforcement data an returns status to the communication component of the 
proxy, based on the status, the proxy communicates accordingly to the server (see column 10, 
lines 28-47). Therefore, it would have been obvious to one of ordinary skilled in the art at the 
time the invention was made to modify the invention of Makarios et al to implement some of 
the features of the inventive concept of Green et al, which provides a transparent proxy 
comprising security modules with more security and more versatility as taught by Green et al. 
One skilled in the art would have been motivated to do so because the transparent proxy 
disclosed by Green et al is transparent to both the client and the server, incorporating features of 
both application gateways and proxies, easy to configure, (see column 5, line 55 through column 
6, line 20), it also provides more security and more versatility where additional filtering may be 
performed as desired, and it is associated with policy module that allows the proxy to use any 
defined protocols in accordance to defined security policy and provides transparency wherein no 
devices need to change any configuration information (column 9, lines 1 1-60). 
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(10) Response to Argument 

Appellant's statements on the grounds of rejection are not correct. The issues raised by 
Appellant were fully responded under the grounds of rejection. Appellant argues that Makarios 
teaches away from a transparent proxy. Examiner's interpretation of a transparent proxy is 
correctly, reasonably, and broadly interpreted in light of Applicant's specification. For instance, 
Applicant's specification page 8, lines 19 - page 9, line 2 cites, 

"A given transparent proxy B will not necessarily recognize client A which is making the request, if earlier 
requests from client A were serviced by a different proxy or if this is the first request to the origin web 
server X. In order for the current proxy B to establish, retrieve, and maintain state, the invention uses 
state tokens in the form of transparent proxy cookies. First, B examines the HTTP request that it receives 
from client A for an object R on the origin server X, and determines that the request does not contain a 
proxy cookie meeting the intranet policy requirements." 

As noted above, a transparent proxy will not necessarily recognize client A if this is the 

first request to the origin web server X, A transparent proxy receives request from client A for 

an object on the origin server X and determines if the request contains a proxy cookie 

conforming to a policy requirement. 



Makarios et al reference column 4, lines 31-37 and lines 53-59 cites, 



"As shown in FIG. 3, in Step 100 the. system (preferably a computer program 
running on the proxy 20 or something similar) monitors requests generated by 
the browser client 10 for HTTP objects. When the browser client 10 generates 
such a request, it is intercepted and in Step 110 the system checks it to see 
if it contains a proxy cookie 50', i.e., a cookie conforming to a special 
format such as 

perucookie=<userID>; " 

'^Assume, for example, in Step 100 the browser client initially requests an 
HTTP object such as a web page as follows: 
GET http://www.bungalow.com 

Seeing no proxy cookie 50' in Step 110, in Step 120 the proxy 20 would 
redirect the browser client 10, causing it in Step 130 to generate the 
subsequent information request". 
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Therefore, Examiner's interpretation is correct. Makarios et al meets the claimed 
limitation as claimed. The proxy is transparent to the client because the proxy intercepts HTTP 
request destined for an Internet server and determines if the request contains a proxy cookie 
conformed to a special format (policy requirement). The proxy is unknown to the client when 
making the first request: "get http : //www . bungalow . com" and no proxy cookie is present. 
In addition, interaction between the client and the proxy is performed above without the client 
initially configured or registered with the proxy contrarily to appellant's argument (see 
appellant's brief page 11, lines 1-4). 

Applicant further argues that the client of Makarios must not only be aware of the proxy 
but must register with the proxy and because a user of the client must provide a username the 
proxy of Makarios is not transparent. Examiner respectfully disagrees. First as explained clearly 
above, the client of Makarios et al was not aware of the proxy, therefore the proxy must be 
transparent. Second, in response to Appellant's argument that in Makarios "the user of the client 
must provide a handle or username before interaction with that proxy can commence see 
Makarios col. 5, lines 10-17," it is noted that (steps 140-150) cited herein by Appellant are not 
executed before interaction with the proxy can commence, there was already interaction with the 
proxy in steps 1 10-130 as it will be shown below. (See also Makarios et al, claim 1). 
Appellant's argument regarding the client of Makarios is redirecting to a signup web page to 
provide a user ID for identification (see Makarios figure 4) for showing that the proxy is not 
transparent, is contradictory to the specification and the claimed invention because the claimed 
invention requires the same: a step of "redirecting the client request from the transparent proxy 
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to a policy module" and a step of "obtaining at the transparent proxy policy enforcement data 
(login information), wherein the policy module and the transparent proxy reside within a same 
environment." Applicant's specification page 9, lines 1-13 describes, (note B is the transparent 
proxy and A is the client), 

"First, B examines the HTTP request that it receives from client A for an object R on the origin server X, 
and determines that the request does not contain a proxy cookie meeting the intranet policy 
requirements." 

"B therefore formats an A-B-l state token appended to or othenwise embedded in the redirection target 
address, and redirects A to an identity broker I along with relevant request data appended to the 
identifier or otherwise attached to the HTTP redirect cohamand. That is, B uses the conventional HTTP 
redirect facility to redirect the request to a possibly novel target, and B may use familiar techniques to 
append or embed data into an URL or URI to place novel proxy cookie data in the command with the 
target address. Identity broker I extracts or otherwise separates the A-B-l state token from the address or 
request header, verifies B's credentials, and uses the HTTP redirect facility to redirect A to a login 
service L that can validate A's identity and give it authorization to use the network. The login server L 
redirects As request back to the identity broker I after A successfully logs in (note that proxy B, identity 
broker I, and login service L can all be running on the same machine). 

That is in Applicant's specification, the client is redirected to a login service residing at 
the transparent proxy and user validation is performed at the transparent proxy. 

Makarios et al, column 4, lines 49-67 cites redirecting the client request as claimed and 
further discloses redirecting the client request when no proxy cookie is present: 

"If, on the other hand, Step 110 determines that no proxy cookie 50' was 
included with the information request from the browser client 10, in Step 120 
the proxy 20 will cause the browser client 10 to redirect to a new web page 
in a manner known in the art. Assume, for example, in Step 100 the browser 
client initially requests an HTTP object such as a web page as follows: 
GET http://www.bungalow.com 

Seeing no proxy cookie 50' in Step 110, in Step 120 the proxy 20 would 
redirect the browser client 10, causing it in Step 130 to generate the 
subsequent information request 

GET http: //peru.host/ ?peru-command=peru-f etch-peru-cookie&peru- 
url=http%3A%2F%2Fwww. bungalow. com%2F 

where peru.host is a syntactically valid (albeit fictitious) URL and 
peru-commahd=peruf etch-peru-cookie and peru- 

url=http%3A%2F%2Fwww. bungalow. com%2F are fields which the proxy 20 has 
directed the browser client 10 to include in the request." 
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Makarios et al further discloses determining and asking the user for login information 
after a second request, (a redirection request); not before interaction with the proxy can 

commence, as argued by Appellant: 

Having received . the product of the redirection from the browser client 
10 in Step 130, in Step 140 the system examines the redirected request to see 
if the browser client 10 has also included a cookie for peru.host, i.e., 
perucookie=<userID>; . If Step 140 determines that the latter is the case, 
i.e., this is the first time for the user to access the proxy 20 from this 
browser client 10, in Step 150 the system serves the browser client 10 a 
signup web page or form as prompting him or her to provide a handle or 
nickname for identification in subsequent transactions, as shown in FIG, 4. 
Simultaneously, in Step 150 the system directs the browser client 10 to store 
a proxy cookie 50* which appears to come from the peru. host domain. 

When the user types in a name and submits the form, the name is returned to 
the proxy 20 (along with the proxy cookie 50', since it now matches the 
peru.host domain) . Then, in Step 160, proxy 20 stores the name for this 
user, associated with the proxy cookie 50', for use in future customization 
operations, (see column 5, lines 1-5 and 10-25) 



On page 13, lines 7-9 appellant argues that "Makarios is heavily reliant on a forward 
proxy arrangement and requires direct client registration and configuration to establish the initial 
cookie for a user on the client that the client than actively attaches to requests and forwards to the 
proxy". For the sake of argument, it is noted that Appellants's specification discloses the same 
for instance, on page 10, lines 2-5, after client A provides identification information and is being 
validated: 

"B responds with a another redirection, for exactly the same resource, and this redirection 
contains the valid A-B-X state token in its header as a proxy cookie. It is important to note that, 
because B is a proxy, it can send cookies that A will use when requesting. resources from X. A then 
re-requests the resource from X, this time with the proxy cookie required by B contained in the 
request header." 



As explained in the Response to Argument above, Makarios et al discloses a transparent 
proxy, therefore, Appellant's arguments that Makarios et al cannot be combined to Green 



because Makarios does not disclose a transparent proxy is not correct. The claims have been 
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combined in the Final rejection dated 1 1/3/2005 not because the proxy of Makarios et al is not 



clearly disclose the additional features of claim 14 with respect to the architecture of a 
transparent proxy server that includes a policy module. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted. 



transparent but to clearly disclose the functions of the policy module and more specifically to 
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